Recent El Salvador Cyber Attacks

El Salvador Cyber Attacks Pose Significant Threats

Cybercriminals and hacking groups are increasingly exploiting geopolitical instability to launch attacks, like the recent El Salvador Cyber Attack, that create chaos and financial gain. Data breaches pose significant threats to national security, economic stability, and individual privacy. In countries like El Salvador, with a population of approximately 6.5 million, these effects can be even more pronounced due to limited resources and infrastructure to combat such threats.

Geopolitical Context of El Salvador

El Salvador’s geopolitical landscape is marked by internal political changes, economic developments, and technological initiatives, such as the adoption of Bitcoin as legal tender. The current administration, under President Nayib Bukele, has implemented measures aimed at reducing gang violence and has undertaken various reforms. These actions, alongside ongoing economic and social challenges, impact the country’s cybersecurity landscape, influencing its vulnerability to cyberattacks.

CiberinteligenciaSV Group

The group responsible for several recent leaks, known as CiberinteligenciaSV, is a Salvadoran data breach group that claims to have extensive information available for those who contact them. They are highly active on BreachForums, regularly posting detailed and sensitive information about Salvadoran citizens and institutions. CiberinteligenciaSV also maintains a Telegram group with nearly 3,500 members, expanding their influence and reach within the cybercriminal community.

Recent Data Breaches in El Salvador

Police Data Breaches:

On July 3, 2024, Constella Intelligence identified ten breaches related to the police in El Salvador. The leaked information involves reports on disappearances, vehicles, extortions, weapons, and other types of warnings and incidents. Moreover, on April 7, 2024, more than 10,000 arrest warrants from El Salvador were leaked.

This dataset provided freely by the attackers includes sensitive legal information that could be used to intimidate or manipulate individuals involved in ongoing legal proceedings. The data exposed in these breaches includes:

• Full names
• Telephone numbers
• Identity documents
• Addresses
• Crimes and events

These breaches pose significant risks to individual privacy and public safety, as the compromised data could be used for various malicious activities, including identity theft, extortion, and targeted attacks.

Movistar/Telefónica El Salvador:

A breach affecting Movistar de El Salvador was reported on May 4, 2024, compromising the personal data of more than 74,351 individuals. The leaked data includes:

• Phone numbers
• Full names
• Email addresses
• Addresses

This breach exposes sensitive personal information, potentially compromising the privacy and security of Movistar customers.

PGR El Salvador – Justice Institution:

A breach affecting the Procuraduría General de la República (PGR), a key institution within El Salvador’s Ministry of Public Affairs, was reported on April 29, 2024. The leaked data includes:

• SQL databases exported from the SQL server (37 GB)
• Over 2,000 tables with millions of records
• Complete files of backend and frontend systems (4 GB+)
• CSV files, VPN access, IP addresses, and other credentials

This breach exposes sensitive legal and administrative information, potentially compromising the integrity of El Salvador’s justice system.

ATM Chivo Wallet:

The Chivo Wallet, an electronic wallet created by the Salvadoran government to facilitate payments in dollars and Bitcoin, suffered a data breach on April 23, 2024. The leaked information includes:

• ATM code for Chivo Wallet
• VPN credentials

This breach undermines the security of the country’s financial transactions and affects public confidence in the government’s digital initiatives.

Vehicle Registration Data:

A dataset containing information on 824,536 vehicles in El Salvador was leaked on April 7, 2024. The data includes:

• Names
• License plates
• Models
• Brands
• Types
• Colors
• Years
• Conditions of vehicles

This breach provides cybercriminals with a comprehensive registry of vehicle data, which could be exploited for various malicious activities.

Massive Database of Salvadoran Citizens:

On April 2, 2024, a massive database containing detailed personal information and high-quality images of 5 million Salvadoran citizens was leaked. The data includes:

• ID and identification documents (DUI)
• Names and last names
• Dates of birth
• Telephone numbers
• Email addresses
• Home addresses
• 5,129,518 high-definition photos labeled by DUI numbers

This database, totaling 144 GB, represents a significant portion of El Salvador’s population, highlighting the severe implications of such a breach on national security and individual privacy.

Exploitation of Leaked Data by Cybercriminals

The accessibility of such extensive datasets significantly empowers cybercriminals. Attackers can exploit the leaked personal information to orchestrate various malicious activities. With detailed data on individuals, including their identification documents, contact details, and even vehicle registration information, cybercriminals can execute a range of harmful actions such as:

• Identity Theft: Stolen personal information can be used to create false identities for fraudulent activities.
• Financial Fraud: Banking details and personal data can facilitate unauthorized financial transactions and scams.
• Extortion: Cybercriminals can threaten to release sensitive information unless a ransom is paid.
• Targeted Attacks: Detailed personal data enables highly targeted and effective phishing campaigns, leading to further data breaches and financial losses.

Recommendations

Given the increasing frequency and sophistication of cyberattacks, it is crucial for individuals to adopt robust cybersecurity measures. Here are some key recommendations:

• Change and Strengthen Passwords: Individuals whose personal information has been exposed should immediately change and strengthen passwords for their online accounts, especially those related to financial and sensitive personal data, to prevent unauthorized access.

• Enable Two-Factor Authentication (2FA): For added security, enable 2FA on all accounts where this option is available, particularly for services like Chivo Wallet and Movistar, to provide an additional layer of protection against unauthorized access.

• Monitor Financial Accounts and Credit Reports: Individuals affected by the breaches should closely monitor their financial accounts and credit reports for any unusual activity or signs of fraud, especially given the exposure of data such as names, addresses, and identification documents.

• Be Cautious of Phishing Attempts: With detailed personal data potentially compromised, individuals should be particularly vigilant against phishing attempts. Verify the authenticity of emails, messages, and phone calls that request personal information or direct to login pages.

By implementing these strategies, individuals in El Salvador can better protect themselves from the growing threat of cyberattacks and data breaches. Staying informed and proactive is essential to maintaining security and trust in an increasingly digital world.